Hello Arsenii Shkarlatov,
The error "Certificate import failure needs more investigation" is a generic message from Azure that often hides more specific underlying issues. When creating a free App Service Managed Certificate, especially for a deployment slot, the problem is typically related to domain validation or a known issue with the Azure Portal's interface.
Here are the most common causes and the steps you can take to resolve the issue:
- Check for IP Access Restrictions
If your App Service has IP restrictions (a firewall) configured, it can block the certificate authority's automated validation requests. This is a frequent cause of managed certificate failures.
Solution: Temporarily remove any IP access restrictions on your App Service and then try to create the managed certificate again. Once the certificate is successfully created and bound, you can re-enable your IP restrictions.
- Use the Azure CLI as a Workaround
There are known instances where the Azure Portal UI fails to create a managed certificate for a deployment slot, while the same operation succeeds using the Azure CLI. This suggests a potential bug in the portal's interface.
Solution: Try creating and binding the SSL certificate using the Azure CLI. You will need to use the az webapp config ssl create command.
Example command:
```bash
az webapp config ssl create --resource-group <resource-group-name> --name <app-name> --hostname service-slot.my-custom-domain.com --slot <slot-name>
```
- Verify Your DNS Configuration
For the certificate creation to succeed, Azure must be able to verify that you own the custom domain. This is done through DNS records.
Solution:
  - Correct CNAME Record: Ensure you have a CNAME record for service-slot.my-custom-domain.com that points to the deployment slot's default Azure hostname (e.g., your-app-name-service-slot.azurewebsites.net).
  - DNS Propagation: After creating or updating DNS records, it can take time for them to propagate across the internet. Wait for some time before attempting to validate and create the certificate.
- Ensure App Service Plan Requirements
Free managed certificates and custom domains are only available on certain App Service Plan tiers.
Solution: Confirm that your App Service Plan is a Basic, Standard, Premium, or Isolated tier. The Free and Shared tiers do not support custom SSL.
If All Else Fails: Create a Support Ticket
If you have verified all the steps above and the issue persists, your best course of action is to follow the error message's recommendation. Create an Azure support ticket and provide the Correlation ID from the error details. This will allow the Azure support team to investigate the specific failure on their backend.
Best Regards,
Jerald Felix
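Added example, not part of the answer above and not Microsoft's own tooling: a pre-flight script for the DNS and plan-tier checks described in the answer, so the CNAME can be confirmed on several public resolvers before retrying certificate creation. The function names and the resolver addresses are assumptions chosen for illustration; the hostnames are passed in by the caller.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before requesting a managed certificate for a slot.
# Function names and resolver IPs below are illustrative assumptions.

# Lowercase a DNS name and drop whitespace and the trailing root dot.
normalize_name() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]' | sed 's/\.$//'
}

# check_cname <expected-target> <output of: dig +short CNAME <hostname>>
# Returns 0 = points at the slot, 1 = points elsewhere, 2 = no CNAME visible yet.
check_cname() {
  local expected answer
  expected=$(normalize_name "$1")
  answer=$(printf '%s\n' "$2" | sed '/^[[:space:]]*$/d' | head -n 1)
  [ -n "$answer" ] || return 2
  [ "$(normalize_name "$answer")" = "$expected" ]
}

# tier_ok <sku tier>, e.g. from: az appservice plan show ... --query sku.tier -o tsv
# Accepts the tiers the answer lists (Basic, Standard, Premium, Isolated).
tier_ok() {
  case "$1" in
    Basic|Standard|Premium*|Isolated*) return 0 ;;
    *) return 1 ;;
  esac
}

# preflight <custom-hostname> <slot-default-hostname>
# Asks several public resolvers so a stale or partially propagated record shows up.
preflight() {
  local host=$1 target=$2 resolver rc status=0
  for resolver in 1.1.1.1 8.8.8.8 9.9.9.9; do
    rc=0
    check_cname "$target" "$(dig +short CNAME "$host" "@$resolver")" || rc=$?
    case $rc in
      0) echo "$resolver: OK" ;;
      1) echo "$resolver: CNAME points elsewhere"; status=1 ;;
      2) echo "$resolver: no CNAME yet (not propagated?)"; status=1 ;;
    esac
  done
  return $status
}

# Run the live check only when both hostnames are given on the command line.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it with the custom hostname and the slot's default hostname as the two arguments; a non-zero exit means at least one resolver does not yet return the expected CNAME.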